Privacy by Design: Best Practices for Privacy and the Smart Grid

  • Ann Cavoukian


The Smart Grid has the potential to deliver substantial value, but is a significant endeavour that will require privacy risk mitigation measures to be taken. The infrastructure that will support the Smart Grid will be capable of collecting detailed information on energy consumption use and patterns within the most private of places – our homes. We must ensure that the cornucopia of personally identifiable data is managed in a trustworthy and transparent manner. Embracing a positive-sum model whereby privacy and energy conservation objectives are achieved in unison is key to ensuring consumer trust and confidence. Privacy standards are needed against which utility stakeholders can map their Smart Grid developments and implementation.

With the expertise and leadership of the two major electricity providers in Canada, the Information and Privacy Commissioner of Ontario has applied the principles of Privacy by Design (the Gold Standard for data protection) to develop a practical roadmap – a set of seven best practices for embedding privacy into the design of the Smart Grid. Now is the time to bake privacy into the Smart Grid, while it is in its nascent stages of development and implementation.


Personal Information Smart Grid Federal Trade Commission Identifiable Information Inside Threat 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. Accenture: Accenture Launches Smart Grid Data Management Solution to Reduce Risks and Costs of Smart Grid Deployments. Accenture, 2010.Google Scholar
  2. Anderson, Ross and Fuloria, Shailendra: On the security economics of electricity metering. In: Proceedings of the Ninth Workshop on the Economics of Information Security (WEIS 2010), 2010.Google Scholar
  3. Bill 21, Energy Conservation Responsibility Act, 2006. Legislative Assembly of Ontario, 2006.Google Scholar
  4. Cavoukian, Ann: Privacy by Design: The 7 Foundational principles, Implementation and Mapping of Fair Information Practises. Information and Privacy Commissioner of Ontario, Canada, 2010.Google Scholar
  5. California Public Utilities Commission: Decision Adopting Requirements For Smart Grid Deployment Plans Pursuant To Senate Bill 17 (Padilla), Chapter 327, Statutes Of 2009. California Public Utilities Commission, 2010.Google Scholar
  6. The Economist: Building the energy internet. The Economist. May 11, 2004.Google Scholar
  7. The Economist: Wiser wires. The Economist, October 8, 2009.Google Scholar
  8. The Economist: Building the smart grid. The Economist, June 4, 2009.Google Scholar
  9. Electricity Act,1998, S.O. 1998, c. 15, Sched. A.Google Scholar
  10. Electric Power Research Institute: Report to the National Institute of Standards and Technology on the Smart Grid Interoperability Standards Roadmap. Electric Power Research Institute, 2009.Google Scholar
  11. Energy Information Administration: Annual Energy Review 2008. Energy Information Administration, 2009.Google Scholar
  12. Federal Communications Commission: Memorandum and Opinion, FCC 06–113. Federal Communications Commission, 2006.Google Scholar
  13. Federal Trade Commission: FTC Staff Revises Online Behaviour Advertising Principles. Federal Trade Commission, 2009.Google Scholar
  14. Federal Trade Commission: FTC Staff Report: Self-Regulatory Principles For Online Behavioral Advertising. Federal Trade Commission, 2009.Google Scholar
  15. Hart, George: Nonintrusive Appliance Load Monitoring. Proceedings of the IEEE, Vol. 80, No. 12, December 1992.CrossRefGoogle Scholar
  16. Illinois Smart Grid Initiative: Empowering Consumers Through a Modern Electrical Grid. Report of the Illinois Smart Grid Initiative, 2009.Google Scholar
  17. Institute for Information Infrastructure Protection: Human Behavior, Insider Threat and Awareness. Institute for Information Infrastructure Protection, 2009.Google Scholar
  18. International Organisation for Standardization: ISO/IEC 12207:2008. International Organisation for Standardization, 2008.Google Scholar
  19. Information and Privacy Commissioner of Ontario, Canada and The Future of Privacy Forum: SmartPrivacy for the Smart Grid: Embedding Privacy into the Design of Electricity Conservation. Information and Privacy Commissioner of Ontario, Canada, 2009.Google Scholar
  20. Information and Privacy Commissioner of Ontario, Canada, Hydro One Inc. and Toronto Hydro Corporation: Privacy by Design: Achieving the Gold Standard in Data Protection for the Smart Grid, 2010.Google Scholar
  21. Jamieson, Alastair: Smart meters could be ‘spy in the home’. Tony Gallagher: The Telegraph, October 11, 2009.Google Scholar
  22. Keemink, Sander and Roos, Bart: Security analysis of Dutch smart metering systems. Universiteit van Amsterdam, 2008.Google Scholar
  23. La Forest, Gérard (J): R. v. Silveira, [1995] 2 S.C.R. 297, 23 O.R. (3d) 256. 1995.Google Scholar
  24. Laughman, Christopher; Lee, Kwangduk; Cox, Robert; Shaw, Steven; Leeb, Steven; Norford, Les and Armstrong, Peter: Power Signature Analysis. IEEE Power & Energy Magazine, March/April 2003.Google Scholar
  25. Leo, Alan: The Measure of Power: Non-Intrusive Load Monitoring Gives Detailed Views of Where Power is Going, With Payoffs for Utilities, Consumers, and maybe Big Brother. Technology Review Magazine, June 28, 2001.Google Scholar
  26. Lisovich, Mikhail and Wicker, Stephen: Privacy Concerns in Upcoming Residential and Commercial Demand-Response Systems. IEEE Proceedings On Power Systems, Vol. 1, No. 1, March 2008.Google Scholar
  27. Martin, Peter (J.A): R. v. Gomboc. 2009 ABCA 276, 247 C.C.C. (3d) 119. 2009.Google Scholar
  28. Maykuth, Andrew: Utilities’ smart meters save money, but erode privacy. The Philadelphia Inquirer, September 6, 2009.Google Scholar
  29. Ministry of Energy and Infrastructure: Functional Specifications for an Advanced Metering Infrastrucutre. Ministry of Energy and Infrastructure, 2007.Google Scholar
  30. National Institute of Standards and Technology: Draft NIST Interagency Report (NISTIR) 7628, Smart Grid Cyber Security Strategy and Requirements. National Institute of Standards and Technology, 2009.Google Scholar
  31. Ontario Regulation 393/07 of the Electricity Act, 1998.Google Scholar
  32. Ontario Energy Board: 2010/2011 Distribution Rate Application (EB-2009–0096), Exhibit F1, Tab 1, Schedule 3. Ontario Energy Board, 2009.Google Scholar
  33. Ontario Smart Grid Forum: Enabling Tomorrow’s Electricity System. Ontario Smart Grid Forum, 2009.Google Scholar
  34. Ohm, Paul: Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization (Legal Studies Research Paper No. 09–12). University of Colorado Law School, 2009.Google Scholar
  35. OpenSG Subcommittee and Utility Smart Grid Executive Working Group: Smart Grid Standards Adoption: Utility Industry Perspective. UCA International Users Group, 2009.Google Scholar
  36. Puxley, Chinta: Ontario Promises to Close Coal Plants by 2014, Reduce Greenhouse Emissions., 2007.Google Scholar
  37. Quinn, Elias Leake: Privacy and the New Energy Infrastructure. Centre for Energy and Environmental Security, Working Paper Series, 2009.Google Scholar
  38. Scalia, Antonin Gregory (J.A.): Kyllo v. United States, 533 U.S. 27 (2001), 190 F.3d 1041. 2001.Google Scholar
  39. U.S. Department of Energy: The Smart Grid: An Introduction. U.S. Department of Energy, 2008.Google Scholar
  40. U.S. Department of Energy: Smart Grid System Report. U.S. Department of Energy, 2009.Google Scholar
  41. Utility Consumers’ Action Network and Privacy Rights Clearinghouse: Comments by Utility Consumers’ Action Network and Privacy Rights Clearinghouse on the Assigned Commissioner’s February 8th Scoping Memo. Utility Consumers’ Action Network, 2010.Google Scholar
  42. World Economic Forum and Accenture: Accelerating Smart Grid Investments. World Economic Forum, 2009.Google Scholar

Copyright information

© Vieweg+Teubner Verlag | Springer Fachmedien Wiesbaden GmbH 2011

Authors and Affiliations

  • Ann Cavoukian
    • 1
  1. 1.Information and Privacy Commissioner of OntarioOntarioCanada

Personalised recommendations